IT Threat Evolution in Q3 2011: From Malware in QR Codes to Targeted Attacks on Corporations

Kaspersky Lab announces the publication of its IT Threat Evolution report for the third quarter of 2011. The company’s analysts noted a continued growth in cyber-attacks against some of the world’s biggest corporations throughout the period. When it comes to attacking smartphones, there were clear signs that cybercriminals have made Android their platform of choice. Increasingly sophisticated operations by malicious programs were also noted in Q3 along with some tried-and-tested methods: innocuous QR codes are now being used to conceal malware and computers are facing threats even before their operating systems start as cybercriminals revisit BIOS infection methods.

Corporate Network Attacks

The third quarter of 2011 saw corporate networks targeted by unidentified hackers as well as attacks by the hacktivist group Anonymous. Targets included the Italian cyber police, several US police units, and FBI contractors. Hackers also targeted the defense contractors Mitsubishi Heavy Industries and Vanguard Defense. These, and numerous other similar attacks, resulted in malicious users gaining access to employee and customer data, internal documentation, correspondence and classified data.

The number of new signatures for mobile threats targeting a selection of platforms, Q1, Q2 & Q3 2011

In July 2011, the DigiNotar certificate authority’s servers were hacked, resulting in 531 rogue certificates being generated by cybercriminals. By using fake SSL certificates for websites, the cybercriminals could access data sent to or from those sites even if an encrypted connection was used. Among the many resources targeted in the DigiNotar case were government agencies in several countries, as well as major Internet services such as Google, Yahoo!, Tor and Mozilla. DigiNotar eventually had to file for bankruptcy as a result of the hack.

“The DigiNotar attack was the second time a certificate authority had been hacked this year. Although the companies that issue root SSL certificates are required to pass a security audit, it is clear that the level of security at DigiNotar and its counterpart Comodo was far from perfect,” says Yury Namestnikov, Senior Virus Analyst at Kaspersky Lab and author of the report. “The DigiNotar case should serve as a warning for other market players to strengthen their security policies.”

Malicious mobile programs

Individual users should also be on their guard; the number of malicious programs for mobile devices is increasing at an alarming rate. In particular, the last quarter saw the share of all mobile malware in 2011 targeting Android OS reach 40%, firmly establishing this platform as the leading target of malicious programs.

Kaspersky Lab analysts had anticipated that cybercriminals would look for new ways to make money on Android malware, and it didn’t take long to happen. In July, an Android Trojan of the Zitmo family was detected that works together with its desktop counterpart Trojan-Spy.Win32.Zeus to allow cybercriminals to bypass the two-factor authentication used in many online banking systems.

Sometimes, malware can penetrate a mobile device in the most unexpected ways, such as via QR codes. A QR code is essentially a barcode but with a larger storage capacity. Cybercriminals are spreading SMS Trojans disguised as Android software by encoding malicious links in QR codes. After scanning the QR codes, mobile devices automatically download a malicious file which then sends SMS messages to premium-rate numbers.

Perhaps the most curious incident in Q3 saw hackers looking to the past for ideas when they realised that the protection afforded to today’s operating systems makes it virtually impossible to install a rootkit on a running system. Virus writers have once again turned to BIOS in an attempt to infect a system before it even boots up. It may be more than 10 years since the emergence of the infamous CIH virus (a.k.a. Chernobyl) that was capable of infecting BIOS, but the technology behind it is being employed once again.

Kaspersky Lab Newsroom

Kaspersky Lab has launched a new online newsroom, Kaspersky Lab Newsroom Europe (http://newsroom.kaspersky.eu/en), for journalists throughout Europe. The newsroom is specifically designed to serve many of the media’s most common requests, making it easier for journalists to find product and corporate information, facts and figures, editorial copy, images, videos and audio files, as well as details about the appropriate PR contacts.

About Kaspersky Lab

Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The company is ranked among the world’s top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry’s fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers. Learn more at www.kaspersky.co.uk. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit http://www.securelist.com.